1. Field of the Invention
The present invention generally relates to data security, and more specifically, relates to a system and method that manages risk related to data access.
2. Description of the Related Art
Information equals to power and having access to the right information equals having a competitive advantage over others in today's world. Each company closely guards the information essential to their business. Traditionally, the access to sensitive information of each company is restricted to a small number of authorized personnel. This access control scheme is simple and easy to implement; however, it is static and not flexible to adapt to changing needs.
If a user is deemed high risk, then his access to the system is limited. If the user is deemed safe, then his access right to the system is broad. The rights assigned to the user do not tend to change. Once accesses are granted, the risks of these accesses are not evaluated and often there is no real time auditing of data access in the system. Therefore, a malicious privileged user may abuse his access rights without being noticed until some major failure happens or a disaster is created.
Therefore, there is a need for a system that evaluates and monitors risks associated with different accesses and it is to this system the present invention is primarily directed to.